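<cfcomponent output="false" hint="Scrubs submitted form and URL values by removing a fixed denylist of script-related substrings, as a defence-in-depth measure against cross-site scripting. Include it in every form submission unless a field carries HTML editor content (name such fields in the skip list). A substring denylist cannot replace output encoding: any value written into a page must still be encoded for its context (for example encodeForHTML) at render time.">

  <!---
    Applies the denylist to a single value and returns the result.
    The pass is repeated until the value stops changing, so that a fragment
    uncovered by one removal (for example "<scr<scriptipt") is removed on the
    next pass; the pass count is capped so pathological input cannot loop.
    Token matching is case-insensitive, so "<SCRIPT" and "JavaScript:" are caught too.
  --->
  <cffunction name="scrubvalue" access="private" returntype="string" output="false">
    <cfargument name="value" type="string" required="yes" hint="raw submitted value">
    <cfset var cleaned = arguments.value>
    <cfset var previous = "">
    <cfset var pass = 0>

    <cfloop from="1" to="10" index="pass">
      <cfset previous = cleaned>

      <!--- null bytes and whitespace tricks: chr(0) is the real NUL character; the
            two-character literals "\0" and "\t" are removed as well, as before --->
      <cfset cleaned = Replace(cleaned, chr(0), "", "ALL")>
      <cfset cleaned = Replace(cleaned, "\0", "", "ALL")>
      <cfset cleaned = Replace(cleaned, "//", "", "ALL")>
      <cfset cleaned = Replace(cleaned, "!--", "", "ALL")>
      <cfset cleaned = Replace(cleaned, chr(9), "", "ALL")>
      <cfset cleaned = Replace(cleaned, "\t", "", "ALL")>

      <!--- script tag fragments, the javascript URL scheme, and quote characters --->
      <cfset cleaned = ReplaceNoCase(cleaned, "<script", "", "ALL")>
      <cfset cleaned = ReplaceNoCase(cleaned, "</script>", "", "ALL")>
      <cfset cleaned = ReplaceNoCase(cleaned, "/script", "", "ALL")>
      <cfset cleaned = ReplaceNoCase(cleaned, "javascript:", "", "ALL")>
      <cfset cleaned = ReplaceNoCase(cleaned, "alert(", "", "ALL")>
      <cfset cleaned = ReplaceNoCase(cleaned, ".js", "", "ALL")>
      <cfset cleaned = Replace(cleaned, "'", "", "ALL")>
      <cfset cleaned = Replace(cleaned, """", "", "ALL")>

      <!--- every step above only deletes characters, so an unchanged length means
            nothing was removed and a further pass cannot change anything --->
      <cfif len(cleaned) EQ len(previous)>
        <cfbreak>
      </cfif>
    </cfloop>

    <cfreturn cleaned>
  </cffunction>

  <cffunction name="cleanforminput" access="public" returntype="struct" output="false" hint="Returns a new struct holding every entry of fields with its value scrubbed; entries named in skip are copied through untouched. The placeholder key 'nothing' is kept for callers that expect it.">
    <cfargument name="fields" type="struct" required="yes" hint="the submitted form values, normally the FORM scope">
    <cfargument name="skip" type="string" required="no" default="" hint="comma delimited list of form field names to leave unscrubbed (exact, case-insensitive match; typically HTML editor fields)">
    <!--- var-scoped: an unscoped local in a CFC is shared between requests --->
    <cfset var formfields = structNew()>
    <cfset var fieldname = "">
    <cfset formfields.nothing = "">

    <!--- Iterate the struct that was passed in rather than the global FORM scope,
          and read it by key instead of through evaluate() so that a submitted field
          name is only ever a key, never a CFML expression. --->
    <cfloop collection="#arguments.fields#" item="fieldname">
      <cfif listFindNoCase(arguments.skip, fieldname)>
        <cfset formfields[fieldname] = arguments.fields[fieldname]>
      <cfelse>
        <cfset formfields[fieldname] = scrubvalue(arguments.fields[fieldname])>
      </cfif>
    </cfloop>

    <cfreturn formfields>
  </cffunction>

  <cffunction name="cleanurlinput" access="public" returntype="struct" output="false" hint="Returns a new struct holding every entry of urlvars with its value scrubbed. The placeholder key 'nothing' is kept for callers that expect it.">
    <cfargument name="urlvars" type="struct" required="yes" hint="the submitted URL values, normally the URL scope">
    <!--- var-scoped: an unscoped local in a CFC is shared between requests --->
    <cfset var urlfields = structNew()>
    <cfset var fieldname = "">
    <cfset urlfields.nothing = "">

    <!--- same scrubbing as cleanforminput, driven by the argument rather than the URL scope --->
    <cfloop collection="#arguments.urlvars#" item="fieldname">
      <cfset urlfields[fieldname] = scrubvalue(arguments.urlvars[fieldname])>
    </cfloop>

    <cfreturn urlfields>
  </cffunction>
</cfcomponent>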